gentoo auto-resync : 24:05:2023 - 03:01:18

3 files changed, 253 insertions, 0 deletions

diff --git a/dev-qt/qtgui/Manifest b/dev-qt/qtgui/Manifest
index 48a4bd577c06..be8097261a34 100644
--- a/dev-qt/qtgui/Manifest
+++ b/dev-qt/qtgui/Manifest
@@ -1,5 +1,7 @@
+AUX qtgui-5.15.9-CVE-2023-32763.patch 2665 BLAKE2B d13a74f00ed348fcb7d98b29004e04deecd5cb41cca502f9361ef6166889c84ce1e8673f3c6e515647a1ae375d5e2f978b3cc049671702159a7f38992d508d77 SHA512 8761def1b29df823e6929731a4a6f23341417aeacfa46fc48cc2eb9f0ff560f0a5bf8cbc9ad9b84ee34b1afc4ff6dea2061d1e5036454e422e139ea2a6a97068
 DIST qtbase-5.15-gentoo-patchset-4.tar.xz 4884 BLAKE2B ef1f11ea63084b834e19a9bd4c4a146e0d47f10e6c1f540a23db64ba6b0d42f46d63f54f93587deae9ac528f6824fa0e88177fe109a53aaee7d8328d49e364cd SHA512 1ae6630cef6bead9187aaaf7c420566b2c1f946bfa22cb983c52267c098e9b1c7b82c99204cbd3eed5eb6ebde0359726e260fd449618802735af465ca39f0a1d
 DIST qtbase-5.15.9-gentoo-kde-1.tar.xz 748840 BLAKE2B 6601efaba2bd9f64edec9ab24a562b2850fe85e088acb2913a06a4a97f82fea015ae9cf20908e5044a0170a2f837cf94a67ac6e870da8ea6e7603057b5683c1a SHA512 60e6c338136affc936c776c129fd2d6620f5e36db8ded32970d59e953bf843786a6deea6cb529488dbd58dfc7c8ea9e71580026fdda8b364596f095e8e9b7791
 DIST qtbase-everywhere-opensource-src-5.15.9.tar.xz 50389220 BLAKE2B b1692f5907b7a262a8cad33d45935d76f72f2fb78b970b57fba76ef9f6789d1d7a435278a450ff1f3556c0846fa8dd8295707ead6adf21af6cd17fbe7f0d82f8 SHA512 2da78ea043c03fa4ff7c6a39c41a5d1b30af06248764e6f5eef3fe4aeb3f3d20e302fa7c5827112c89b6bc7c5c0c292454d127f9d7bb0d2031175f0f2c937ed3
+EBUILD qtgui-5.15.9-r1.ebuild 3923 BLAKE2B c869ec4e881977475f90cafe532965c4558e774a610558b4251fc1fd2fa1a0ca08e55223d00335be919614cfff7942117fe507a2cf8105c4ebbe9d11e0b13114 SHA512 96246f43c846fcd0706cabf4880c162005e2923107be794521a3b924faf56272102c123a040312a368e6565355a0da6d30c6cce7cd489e54b51ea894657836a0
 EBUILD qtgui-5.15.9.ebuild 3864 BLAKE2B f8a7f4a2ea9e992bbb61305f52c21a9ea835d7aca14bc970cfd65df21f348cede9b029e9b9cfcc452177a2a4bcf3a0330b2f7c3b249adf1fe910f6469a93148c SHA512 5b0e0e0371e2bbe33657b83f7503ff5b19511c98218a47c77fc040a4c8cf18773e32ce85c0b2d143581d64cae187bdbd56c7100c1fe4543fafe81ca29794f6ab
 MISC metadata.xml 1332 BLAKE2B 9e3b90622029fb3c2345b61a3d5d5c55c9e364f2872cdcbd74d34c2af41a692e8e6e03396799c0ce2ec74d3b0dc3e86e755502217f25a18d6e822389ec8481b7 SHA512 1eb4740fcbdceed313e24e019424d08239539eede918f41964ab092d85ec9f78665a40922f92467eceaf1ac7632c0b12c5368884f7128b8b119550c3c87b5e67
diff --git a/dev-qt/qtgui/files/qtgui-5.15.9-CVE-2023-32763.patch b/dev-qt/qtgui/files/qtgui-5.15.9-CVE-2023-32763.patch
new file mode 100644
index 000000000000..2b34807fbd03
--- /dev/null
+++ b/dev-qt/qtgui/files/qtgui-5.15.9-CVE-2023-32763.patch
@@ -0,0 +1,71 @@
+From e6c8aa2426ef5bd575f85aae530322b145b49006 Mon Sep 17 00:00:00 2001
+From: Allan Sandfeld Jensen <allan.jensen@qt.io>
+Date: Fri, 5 May 2023 09:51:32 +0200
+Subject: [PATCH] Fix specific overflow in qtextlayout (CVE-2023-32763)
+
+Fixes: QTBUG-113337
+Pick-to: 6.5 6.5.1 6.2 5.15
+Change-Id: I13579306defceaccdc0fbb1ec0e9b77c6f8d1af9
+Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
+Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
+(cherry picked from commit 7b7a01c266b507636eab51a36328c7c72d82d93c)
+
+* asturmlechner 2023-05-23: Upstream backport to 5.15 taken from
+  https://www.qt.io/blog/security-advisory-qt-svg-1
+---
+ src/gui/painting/qfixed_p.h  | 9 +++++++++
+ src/gui/text/qtextlayout.cpp | 9 ++++++---
+ 2 files changed, 15 insertions(+), 3 deletions(-)
+
+diff --git a/src/gui/painting/qfixed_p.h b/src/gui/painting/qfixed_p.h
+index 846592881c..57d750a4b3 100644
+--- a/src/gui/painting/qfixed_p.h
++++ b/src/gui/painting/qfixed_p.h
+@@ -54,6 +54,7 @@
+ #include <QtGui/private/qtguiglobal_p.h>
+ #include "QtCore/qdebug.h"
+ #include "QtCore/qpoint.h"
++#include <QtCore/private/qnumeric_p.h>
+ #include "QtCore/qsize.h"
+ 
+ QT_BEGIN_NAMESPACE
+@@ -182,6 +183,14 @@ Q_DECL_CONSTEXPR inline bool operator<(int i, const QFixed &f) { return i * 64 <
+ Q_DECL_CONSTEXPR inline bool operator>(const QFixed &f, int i) { return f.value() > i * 64; }
+ Q_DECL_CONSTEXPR inline bool operator>(int i, const QFixed &f) { return i * 64 > f.value(); }
+ 
++inline bool qAddOverflow(QFixed v1, QFixed v2, QFixed *r)
++{
++    int val;
++    bool result = add_overflow(v1.value(), v2.value(), &val);
++    r->setValue(val);
++    return result;
++}
++
+ #ifndef QT_NO_DEBUG_STREAM
+ inline QDebug &operator<<(QDebug &dbg, const QFixed &f)
+ { return dbg << f.toReal(); }
+diff --git a/src/gui/text/qtextlayout.cpp b/src/gui/text/qtextlayout.cpp
+index 26ac37b016..f6c69ff4a2 100644
+--- a/src/gui/text/qtextlayout.cpp
++++ b/src/gui/text/qtextlayout.cpp
+@@ -2150,11 +2150,14 @@ found:
+         eng->maxWidth = qMax(eng->maxWidth, line.textWidth);
+     } else {
+         eng->minWidth = qMax(eng->minWidth, lbh.minw);
+-        eng->maxWidth += line.textWidth;
++        if (qAddOverflow(eng->maxWidth, line.textWidth, &eng->maxWidth))
++            eng->maxWidth = QFIXED_MAX;
+     }
+ 
+-    if (line.textWidth > 0 && item < eng->layoutData->items.size())
+-        eng->maxWidth += lbh.spaceData.textWidth;
++    if (line.textWidth > 0 && item < eng->layoutData->items.size()) {
++        if (qAddOverflow(eng->maxWidth, lbh.spaceData.textWidth, &eng->maxWidth))
++            eng->maxWidth = QFIXED_MAX;
++    }
+ 
+     line.textWidth += trailingSpace;
+     if (lbh.spaceData.length) {
+-- 
+2.40.1
+
diff --git a/dev-qt/qtgui/qtgui-5.15.9-r1.ebuild b/dev-qt/qtgui/qtgui-5.15.9-r1.ebuild
new file mode 100644
index 000000000000..ae7cbfc33ac7
--- /dev/null
+++ b/dev-qt/qtgui/qtgui-5.15.9-r1.ebuild
@@ -0,0 +1,180 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+if [[ ${PV} != *9999* ]]; then
+	QT5_KDEPATCHSET_REV=1
+	KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
+fi
+
+QT5_MODULE="qtbase"
+inherit qt5-build
+
+DESCRIPTION="The GUI module and platform plugins for the Qt5 framework"
+
+SLOT=5/${QT5_PV} # bug 707658
+IUSE="accessibility dbus egl eglfs evdev gles2-only ibus jpeg +libinput
+	linuxfb +png tslib tuio +udev vnc vulkan wayland +X"
+REQUIRED_USE="
+	|| ( eglfs linuxfb vnc X )
+	accessibility? ( dbus X )
+	eglfs? ( egl )
+	ibus? ( dbus )
+	libinput? ( udev )
+	X? ( gles2-only? ( egl ) )
+"
+
+RDEPEND="
+	dev-libs/glib:2
+	=dev-qt/qtcore-${QT5_PV}*:5=
+	dev-util/gtk-update-icon-cache
+	media-libs/fontconfig
+	media-libs/freetype:2
+	media-libs/harfbuzz:=
+	sys-libs/zlib:=
+	dbus? ( =dev-qt/qtdbus-${QT5_PV}* )
+	eglfs? (
+		media-libs/mesa[gbm(+)]
+		x11-libs/libdrm
+	)
+	evdev? ( sys-libs/mtdev )
+	jpeg? ( media-libs/libjpeg-turbo:= )
+	gles2-only? ( media-libs/libglvnd )
+	!gles2-only? ( media-libs/libglvnd[X] )
+	libinput? (
+		dev-libs/libinput:=
+		x11-libs/libxkbcommon
+	)
+	png? ( media-libs/libpng:= )
+	tslib? ( >=x11-libs/tslib-1.21 )
+	tuio? ( =dev-qt/qtnetwork-${QT5_PV}* )
+	udev? ( virtual/libudev:= )
+	vnc? ( =dev-qt/qtnetwork-${QT5_PV}* )
+	vulkan? ( dev-util/vulkan-headers )
+	X? (
+		x11-libs/libICE
+		x11-libs/libSM
+		x11-libs/libX11
+		x11-libs/libxcb:=
+		x11-libs/libxkbcommon[X]
+		x11-libs/xcb-util-image
+		x11-libs/xcb-util-keysyms
+		x11-libs/xcb-util-renderutil
+		x11-libs/xcb-util-wm
+	)
+"
+DEPEND="${RDEPEND}
+	evdev? ( sys-kernel/linux-headers )
+	linuxfb? ( sys-kernel/linux-headers )
+	udev? ( sys-kernel/linux-headers )
+	X? ( x11-base/xorg-proto )
+"
+PDEPEND="
+	ibus? ( app-i18n/ibus )
+	wayland? ( =dev-qt/qtwayland-${QT5_PV}* )
+"
+
+PATCHES=( "${FILESDIR}/${P}-CVE-2023-32763.patch" )
+
+QT5_TARGET_SUBDIRS=(
+	src/tools/qvkgen
+	src/gui
+	src/openglextensions
+	src/platformheaders
+	src/platformsupport
+	src/plugins/generic
+	src/plugins/imageformats
+	src/plugins/platforms
+	src/plugins/platforminputcontexts
+)
+
+QT5_GENTOO_CONFIG=(
+	accessibility:accessibility-atspi-bridge
+	egl:egl:
+	eglfs:eglfs:
+	eglfs:eglfs_egldevice:
+	eglfs:eglfs_gbm:
+	evdev:evdev:
+	evdev:mtdev:
+	:fontconfig:
+	:system-freetype:FREETYPE
+	!:no-freetype:
+	gles2-only::OPENGL_ES
+	gles2-only:opengles2:OPENGL_ES_2
+	!:no-gui:
+	:system-harfbuzz:
+	!:no-harfbuzz:
+	jpeg:system-jpeg:IMAGEFORMAT_JPEG
+	!jpeg:no-jpeg:
+	libinput
+	libinput:xkbcommon:
+	:opengl
+	png:png:
+	png:system-png:IMAGEFORMAT_PNG
+	!png:no-png:
+	tslib:tslib:
+	udev:libudev:
+	vulkan:vulkan:
+	X:xcb:
+	X:xcb-glx:
+	X:xcb-plugin:
+	X:xcb-render:
+	X:xcb-sm:
+	X:xcb-xlib:
+	X:xcb-xinput:
+)
+
+QT5_GENTOO_PRIVATE_CONFIG=(
+	:gui
+)
+
+src_prepare() {
+	# don't add -O3 to CXXFLAGS, bug 549140
+	sed -i -e '/CONFIG\s*+=/s/optimize_full//' src/gui/gui.pro || die
+
+	# egl_x11 is activated when both egl and X are enabled
+	use egl && QT5_GENTOO_CONFIG+=(X:egl_x11:) || QT5_GENTOO_CONFIG+=(egl:egl_x11:)
+
+	qt_use_disable_config dbus dbus \
+		src/platformsupport/themes/genericunix/genericunix.pri
+
+	qt_use_disable_config tuio tuiotouch src/plugins/generic/generic.pro
+
+	qt_use_disable_mod ibus dbus \
+		src/plugins/platforminputcontexts/platforminputcontexts.pro
+
+	use vnc || sed -i -e '/SUBDIRS += vnc/d' \
+		src/plugins/platforms/platforms.pro || die
+
+	qt5-build_src_prepare
+}
+
+src_configure() {
+	local myconf=(
+		$(usev dbus -dbus-linked)
+		$(qt_use egl)
+		$(qt_use eglfs)
+		$(usev eglfs '-gbm -kms')
+		$(qt_use evdev)
+		$(qt_use evdev mtdev)
+		-fontconfig
+		-system-freetype
+		-gui
+		-system-harfbuzz
+		$(qt_use jpeg libjpeg system)
+		$(qt_use libinput)
+		$(qt_use linuxfb)
+		-opengl $(usex gles2-only es2 desktop)
+		$(qt_use png libpng system)
+		$(qt_use tslib)
+		$(qt_use udev libudev)
+		$(qt_use vulkan)
+		$(qt_use X xcb)
+		$(usev X '-xcb-xlib')
+	)
+	if use libinput || use X; then
+		myconf+=( -xkbcommon )
+	fi
+	qt5-build_src_configure
+}